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CLAIMS 

What is claimed is: 



1 1. A system for generating an asymmetric crypto-key usable to 

2 transform messages to encrypt and decrypt or sign the messages for 

3 a user, comprising: 

4 a first processor configured to (i) generate a private crypto- 

5 key and a corresponding public crypto-key associated with the user, 

6 (ii) divide the private crypto-key into a first private key 

7 portion, based on a password of the user, and a second private key 

8 portion, (iii) destroy the private crypto-key and the first private 

9 key portion without distribution thereof and without storage 
nlO thereof in a persistent state, and (iv) store only the second 

private key portion and the public crypto-key in a persistent 

yj 12 state; and 

13 a second processor representing a user and configured to (i) 

fli 14 generate, responsive to receipt of an inputting of and based on the 

15 user password, only the first private key portion, and (ii) 

16 destroy, without storing in a persistent state, the generated first 
Ij 17 private key portion. 

^ 1 2. A system according to claim 1, wherein the user password 

IrJ 

2 has a bit length of between 56 and 72 bits and the generated first 

3 private key portion has a bit length of at least 257 bits, 

1 3. A system according to claim 1, wherein the 

2 first private key portion is generated in accordance with a one way 

3 function - 

1 4. A system according to claim 3, wherein: 

2 the first processor and the second processor are further 

3 configured to selectively operate in a first mode and a second 

4 mode; 
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5 in the first mode the first processor and the second processor 

6 apply the one way function a first number of times to generate the 

7 first private key portion; and 

8 in the second mode the first processor and the second 

9 processor apply the one way function a second number of times, 

10 different than the first number of times, to generate the first 

11 private key portion. 

1 5. A system according to claim 4, wherein: 

2 the first processor and the second processor are further 

3 configured to select one of the first and second mode for operation 

4 based on at least one of an identity of the user and a strength of 

5 the user password. 



f^l 6. A system according to claim 3, wherein: 

yj 2 the first processor and the second processor are further 

|i 3 configured to select the one way function from a group of one way 

01 4 functions. 

Li 

1 7. A system according to claim 6, wherein: 

[;f 2 the first processor and the second processor are further configured 

3 ™ 

W 3 to select the one way function based upon at least one of an 

g 4 identity of the user and a strength of the user password. 

1 8. A system according to claim 1, wherein: 

2 the second processor is further configured to encrypt or sign 

3 a message with the first private key portion prior to destroying 

4 the generated first private key portion; and the first processor is 

5 further configured to recover or verify the encrypted message by 

6 applying the stored second private key portion and the public key. 

1 9. A system for asymmetrically transforming a message, 

2 comprising : 
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3 a first processor representing a user and configured to 

4 generate, based on a password of the user, a first portion of a 

5 private crypto-key, to transform a message with the first private 

6 key portion, and to destroy the generated private key portion after 

7 transforming the message and; 

8 a second processor configured to further transform the 

9 transformed message by applying at least one of a second portion of 

10 the private crypto-key and a public crypto-key, both of which 

11 correspond to the first private key portion. 

1 10. A system according to claim 9, further comprising: 

2 a storage device configured to store the second private key 

3 portion and the public crypto-key in a persistent state; 

0 4 wherein the applied at least one of a second portion of the 
5 private crypto-key and a public crypto-key is at least one of the 

U 6 stored second private key portion and the stored public crypto-key, 

7 and the second processor is further configured to retrieve the at 

01 8 least one of the stored second private key portion and the stored 
7 9 public crypto-key based on the user password; 

H^IO wherein the first private key portion is never stored in a 

LI 11 persistent state. 

m 1 

1 11. A system according to claim 9, wherein the user password 

2 has a bit length of between 56 and 72 bits and the generated first 

3 private key portion has a bit length of at least 257 bits. 

1 12. A system according to claim 9, wherein the first private 

2 key portion is generated in accordance with a one way function. 

1 13. A system according to claim 12, wherein: 

2 the first processor and the second processor are further 

3 configured to selectively operate in a first mode and a second 

4 mode ; 
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5 in the first mode the first processor and the second processor 

6 apply the one way function a first number of times to generate the 

7 first private key portion; and 

8 in the second mode the first processor and the second 

9 processor apply the one way function a second number of times, 

10 different than the first number of times, to generate the first 

11 private key portion. 

1 14. A system according to claim 31, wherein: 

2 the first processor and the second processor are further 

3 configured to select one of the first and second mode for operation 

4 based on at least one of an identity of the user and a strength of 

5 the user password. 

if] 

.""h 1 15. A system according to claim 12, wherein: 

yj 2 the first processor and the second processor are further 

3 configured to select the one way function from a group of one way 

01 4 functions. 

1^" 1 16. A system according to claim 15, wherein: 

il 2 the first processor and the second processor are further configured 

^ 3 to select the one way function based upon at least one of an 

C3 

O 4 identity of the user and a strength of the user password 

1 17. A system for communicating a transformed message, in 

2 which a user is associated with a private crypto-key and a 

3 corresponding public crypto-key, and the private crypto-key has a 

4 first private key portion and a second private key portion, 

5 comprising: 

6 a first networked device, representing the user, configured to 

7 generate the first private key portion, to transform a first 

8 message with the generated first private key portion to form a 

9 second message, and to transmit the second message; 
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a second networked device configured to store the public 
crypto-key and the second private key portion, to receive the 
second message, and to further transform the second message with 
the second private portion to obtain the first message; 

wherein the first private portion is (i) not stored at any 
networked device and (ii) not transmitted over the network. 

18. A method for generating an asymmetric crypto-key usable 
to transform messages to both encrypt and decrypt the messages for 
a user, comprising: 

generating, based upon a password of the user, a private 
crypto-key and a corresponding public crypto-key associated with 
the user; 

dividing the private crypto-key into a first private key 
portion and a second private key portion; 

destroying the private crypto-key and the first private key 
portion without distribution thereof and without storage thereof in 
a persistent state; 

separately generating, responsive to receipt of, and based 
upon, the user password, only the first private key portion; and 

destroying, without storing in a persistent state, the 
separately generated first private key portion. 

19. The method according to claim 18, wherein the password has 
a bit length of 56 to 72 bits and the generated first private key 
portion has a bit length of at least 257 bits. 

20. The method according to claim 18, wherein the first 
private key portion is generated in accordance with a one way 
function. 

21. The method according to claim 18, further comprising: 
selecting one of a first mode and a second mode in which to 
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3 generate the first private key portion in accordance with a one way 

4 function; 

5 wherein the first mode the one way function is applied to the 

6 password a first number of times to generate the first private key 

7 portion; and 

8 wherein the second mode the one way function is applied to the 

9 password a second number of times ^ different than the first number 
10 of times, to generate the first private key portion. 

1 22. The method according to claim 21, wherein selection of the 

2 first and second mode is based on at least one of an identity of 

3 the user and a strength of the user password. 

1 23. The method according to claim 18, further comprising: 

2 selecting a one way function from a group of one way 

3 functions; and 

4 generating the first private key portion in accordance with 

5 the selected one way function; 

6 wherein selection of the one way function is based upon at 

7 least one of an identity of the user and a strength of the user 

8 password. 

1 24. The method according to claim 18, further comprising: 

2 transforming a message with the generated first private key 

3 portion prior to destruction thereof; and 

4 further transforming the message by applying at least one of 

5 the second private key portion and the public crypto-key. 
1 

1 25. The method according to claim 24, further comprising: 

2 storing the second private key portion and the public crypto- 

3 key in a persistent state; and 

4 retrieving the at least one of the stored second private key 

5 portion and the stored public crypto-key; 
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6 wherein the applied at least one of the second private key 

7 portion and the public crypto-key is at least one of the retrieved 

8 at least one of the second private key portion and the public 

9 crypto-key; and 

10 wherein the first private key portion is never stored in a 

11 persistent state. 
1 

1 26, A method for communicating a transformed message, in which 

2 a user is associated with a private crypto-key and a corresponding 

3 public crypto-key, and the private crypto-key has a first private 

4 key portion and a second private key portion, comprising: 

5 generating the first private key portion and transforming a 

6 first message with the generated first private key portion; 

Q 1 further transforming the first message with the second private 

f;-, 8 portion; 

yj 9 wherein the first private portion is (i) not stored at any 



^tlO networked device and (ii) not transmitted over a network, 



Pi 



1 27. The method according to claim 26, further comprising: 

2 processing a password to generate the first private key 

3 portion; 

4 wherein the password has a bit length of 56 to 72 bits and the 
rj 5 generated first private key portion has a bit length of at least 

6 257 bits. 

1 28. The method according to claim 27, wherein the first 

2 private key portion is generated in accordance with a one way 

3 function. 

1 29. The method according to claim 27, further comprising: 

2 selecting one of a first mode and a second mode in which to 

3 generate the first private key portion in accordance with a one way 

4 function; 
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5 wherein the first mode the one way function is applied to the 

6 password a first number of times to generate the first private key 

7 portion; and 

8 wherein the second mode the one way function is applied to the 

9 password a second number of times, different than the first number 
10 of times, to generate the first private key portion. 

1 30. The method according to claim 29, wherein selection of the 

2 first and second mode is based on at least one of an identity of 

3 the user and a strength of the user password. 

1 31. The method according to claim 27, further comprising: 

2 selecting a one way function from a group of one way 
— 3 functions; and 

Si 4 generating the first private key portion in accordance with 

5 the selected one way function; 

Jjf 6 wherein selection of the one way function is based upon at 

7 least one of an identity of the user and a strength of the user 

^ 8 password. 
1 

nj 
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